IN THE CLAIMS 



This listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims: 

1. (Currently Amended) A method for assembling fragmented network traffic, comprising: 

detecting in the fragmented network traffic an anomaly that could result in two or 
more fragments comprising the fragmented network traffic being reassembled at a monitoring 
node to obtain a reassembled data flow that is different than [[the]] a corresponding data as 
reassembled at a destination node to which the fragmented network traffic is addressed; 

initiating in response to detecting said anomaly expanded buffering of said 
fragmented network traffic; and 

performing further processing on the fragmented network traffic having the 

anomaly. 

2. (Original) A method as recited in claim 1 wherein detecting an anomaly comprises 
determining that said two or more fragments overlap. 

3. (Original) A method as recited in claim 2 wherein determining that said two or more 
fragments overlap comprises reading a header value associated with one of the fragments. 

4. (Original) A method as recited in claim 3 wherein the header value comprises an offset 
value. 
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5. (Original) A method as recited in claim 1 wherein detecting an anomaly comprises 
determining that said two or more fragments overlap and that at least two of said fragments 
comprise different data for an overlapping portion of said fragments. 

6. (Original) A method as recited in claim 1 wherein performing further processing 
comprises determining configuration information associated with said destination node. 

7. (Original) A method as recited in claim 6 wherein determining configuration information 
comprises querying the destination node. 

8. (Original) A method as recited in claim 6 wherein determining configuration information 
comprises querying an information base. 

9. (Original) A method as recited in claim 1 wherein performing further processing 
comprises reassembling the fragmented network traffic to generate more than one variant of the 
reassembled data flow. 

10. (Original) A method as recited in claim 1 further including processing the anomaly to 
determine whether the fragmented network traffic is associated with a threat. 

11. (Original) A method as recited in claim 1 further including performing an action on the 
fragmented network traffic based on whether the fragmented network traffic is associated with a 
threat. 

12. (Original) A method as recited in claim 1 further including discarding at least a portion of 
the fragmented network traffic if the fragmented network traffic is associated with a threat. 
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13. (Original) A method as recited in claim 1 further including copying one or more 
fragments comprising the fragmented network traffic to a buffer. 

14. (Original) A method as recited in claim 1 wherein performing further processing 
comprises sending an alert. 

15. (Original) A method as recited in claim 1 wherein performing further processing 
comprises determining whether the fragmented network traffic should be blocked. 

16. (Original) A method as recited in claim 1 wherein performing further processing 
comprises determining whether the fragmented network traffic should be forwarded to the 
destination node. 

17. (Canceled) 

18. (Original) A method as recited in claim 1 wherein performing further processing 
comprises initiating increased buffering of the fragmented network traffic if it is determined that 
two or more fragments comprising said fragmented network traffic have overlapping portions. 

19. (Original) A method as recited in claim 1 wherein performing further processing 
comprises initiating increased buffering of the fragmented network traffic if it is determined that 
two or more fragments comprising said fragmented network traffic have mismatching 
overlapping portions. 



Application Serial No. 10/775,537 
Attorney Docket No. SYMAP04 1 



4 



20. (Currently Amended) A system for assembling fragmented network traffic, comprising: 

a memory configured to store at least a portion of the fragmented network traffic; 

and 

a processor configured to detect in the fragmented network traffic an anomaly that 
could result in two or more fragments comprising the fragmented network traffic being 
reassembled at a monitoring node to obtain a reassembled data flow that is different than [[the]] a 
corresponding data as reassembled at a destination node to which the fragmented network traffic 
is addressed; initiate in response to detecting said anomaly expanded buffering of said 
fragmented network traffic; and perform further processing on the fragmented network traffic 
having the anomaly. 

21. (Currently Amended) A computer program product for assembling fragmented network 
traffic, the computer program product being embodied in a computer readable medium and 
comprising computer instructions for: 

detecting in the fragmented network traffic an anomaly that could result in two or 
more fragments comprising the fragmented network traffic being reassembled at a monitoring 
node to obtain a reassembled data flow that is different than [[the]] a corresponding data as 
reassembled at a destination node to which the fragmented network traffic is addressed; 

initiating in response to detecting said anomaly expanded buffering of said 
fragmented network traffic: and 

performing further processing on the fragmented network traffic having the 
anomaly. 
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